Intrusion Detection System Based on Hybrid Hierarchical Classifiers

Wireless Personal Communications

Abstract

In this research work, the updated KDD-99 database is used for the development of a hybrid hierarchical intrusion detection system (IDS). A total of 4,898,431 testing instances are used, comprising 972,781 testing instances of the normal class and 3,925,650 testing instances of the attack class. The attack class consists of four distinct types of malicious activity: DoS, U2R, R2L, and probing. The complete set of instances is further split into training and testing sets in a 50–50 ratio. In the hierarchical classifier structure, the level-1 classifier separates the normal class from the attack class. Attack-class test samples are passed to the level-2 classifier, which classifies them into DoS and an "other" class. The other-class test samples are then passed to the level-3 classifier, which classifies them into R2L and a "remaining" class. The remaining-class test samples are in turn passed to the level-4 classifier, which classifies them into U2R and probing attacks. The best-performing classifiers at each level are then arranged in the required hierarchical order to obtain the hybrid hierarchical classifier, so that the overall detection ratio is high at each level. After validation of the proposed work on the KDD-99 dataset, the highest detection rate, 97.91%, is achieved by the hierarchical structure of the SSVM classifier based IDS. The SVM, PNN, DT, NFC and kNN classifiers in hierarchical structure achieve an Overall Detection Accuracy (ODA) of 96.80%, 96.32%, 95.86%, 97.89% and 97.74%, respectively. The proposed hybrid hierarchical classifier based IDS attains an ODA of 98.79%, the highest among all experiments.
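The four-level cascade and the per-level selection described in the abstract can be sketched as follows. This is an added example, not the paper's code: the `Centroid` and `KNN` classes are simple stand-ins for the candidate classifiers, the 2-D points are constructed toy data rather than KDD-99 records, and choosing each level's model on a separate validation split is an assumption.

```python
import random
from collections import Counter
from math import dist

LEVELS = ["normal", "dos", "r2l", "u2r"]  # split off at levels 1-4; the rest is "probe"
CENTERS = {"normal": (0, 0), "dos": (5, 0), "r2l": (0, 5),
           "u2r": (5, 5), "probe": (10, 2.5)}  # constructed cluster centres

class Centroid:  # stand-in candidate: nearest class mean
    def fit(self, X, y):
        groups = {l: [x for x, m in zip(X, y) if m == l] for l in set(y)}
        self.c = {l: [sum(v) / len(v) for v in zip(*g)] for l, g in groups.items()}
        return self
    def predict(self, x):
        return min(self.c, key=lambda l: dist(x, self.c[l]))

class KNN:  # stand-in candidate: majority vote of the k nearest samples
    def fit(self, X, y):
        self.data = list(zip(X, y))
        return self
    def predict(self, x, k=3):
        near = sorted(self.data, key=lambda p: dist(x, p[0]))[:k]
        return Counter(l for _, l in near).most_common(1)[0][0]

def accuracy(predict, X, y):
    return sum(predict(x) == l for x, l in zip(X, y)) / len(y)

def level_view(X, y, pos, done):  # samples reaching this level, labelled True/False
    rows = [(x, l == pos) for x, l in zip(X, y) if l not in done]
    return [x for x, _ in rows], [b for _, b in rows]

def train_hybrid(Xtr, ytr, Xva, yva, candidates=(Centroid, KNN)):
    chain = []
    for i, pos in enumerate(LEVELS):
        Xa, ya = level_view(Xtr, ytr, pos, LEVELS[:i])
        Xb, yb = level_view(Xva, yva, pos, LEVELS[:i])
        fitted = [c().fit(Xa, ya) for c in candidates]
        chain.append((pos, max(fitted, key=lambda m: accuracy(m.predict, Xb, yb))))
    return chain  # one (class, best validated model) pair per level

def classify(chain, x):  # first level that claims x wins; otherwise probing
    return next((pos for pos, m in chain if m.predict(x)), "probe")

def make_data(n, seed):  # synthetic 2-D points, n per class
    rng = random.Random(seed)
    rows = [([rng.gauss(cx, 0.6), rng.gauss(cy, 0.6)], lab)
            for lab, (cx, cy) in CENTERS.items() for _ in range(n)]
    return [x for x, _ in rows], [l for _, l in rows]
```

On this toy data the nearest-mean model loses level 1 because the pooled attack mean sits far from the R2L cluster, which is the kind of per-level difference the hybrid arrangement is built to exploit.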


Acknowledgements

The authors are grateful to TEQIP-III of Uttarakhand Technical University, Dehradun, for providing financial and technical support under advice No.-C081908383584. Further, the authors are greatly indebted to Graphic Era Deemed to be University for providing the necessary support to carry out this work; the flexibility provided by the university to researchers is also highly appreciated.

Author information

Corresponding author

Correspondence to Noor Mohd.

Appendices

Annexure A

The 41 attributes and their data types are listed in Table 13.

Table 13 List of attributes and their data type

Annexure B

See Table 14.

Table 14 Type of attack

About this article

Cite this article

Mohd, N., Singh, A. & Bhadauria, H.S. Intrusion Detection System Based on Hybrid Hierarchical Classifiers. Wireless Pers Commun 121, 659–686 (2021). https://doi.org/10.1007/s11277-021-08655-1

  • DOI: https://doi.org/10.1007/s11277-021-08655-1
